Git Product home page Git Product logo

uefi_bindiff's Introduction

UEFI modules analysing with BinDiff IDA plugin

Table of Contents

Introduction

In fact, most real UEFI firmwares are building using edk2. Thus, to simplify the analysis, we can match debug versions of UEFI images with release versions from real firmware using BinDiff.

Software

Usage

i64 files generation

  • clone this repo and update submodules

    git clone https://github.com/yeggor/UEFI_BinDiff
cd UEFI_BinDiff
git submodule update --init --recursive

  • copy analyse_and_exit.py script to idc IDA directory (for example: C:\Program Files\IDA Pro 7.5\idc)

  • check values in config.json file

  • build efi modules with debug information

    • open Developer Command Prompt for VS
    • run python edk2_build.py from UEFI_BinDiff directory
    • if everything went well, you should see the efi_modules directory with .efi files
    • otherwise, you need to look for the reason here

  • run python gen_idbs.py efi_modules script to generate i64 files

    • after the script end, you should see the IDA database files next to each .efi file

Analysing release versions of UEFI images with BinDiff IDA plugin

Check here to get started with BinDiff IDA plugin.

If the plugin is installed:

  • open UEFI module in IDA

  • File - BinDiff

    • choose .efi.i64 file with similar name from efi_modules directory
    • for example, for DxeCore file choose efi_modules\DxeCore.i64 file

  • you can import symbols and comments in Matched Functions window

    matched-functions

  • also you can compare the flow of execution for each function

    flow-graph

Conclusion

Using this method, you can significantly reduce the time for analysing UEFI images.

uefi_bindiff's People

Contributors

fengjixuchui avatar yeggor avatar

Stargazers

avatar

Forkers

freemanzyq 5l1v3r1 wbaby killvxk ntzwq

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.